[Bug 579280] New: Screen may be unlocked without password
http://bugzilla.novell.com/show_bug.cgi?id=579280 http://bugzilla.novell.com/show_bug.cgi?id=579280#c0 Summary: Screen may be unlocked without password Classification: openSUSE Product: openSUSE 11.2 Version: Final Platform: x86-64 OS/Version: openSUSE 11.2 Status: NEW Severity: Critical Priority: P5 - None Component: KDE4 Workspace AssignedTo: kde-maintainers@suse.de ReportedBy: StEndres@web.de QAContact: qa@suse.de Found By: --- Blocker: No After locking the screen it can be unlocked by pressing return about 10 seconds. The Screensaver crashes and after a while you get access to the desktop without a password. Tested with KDE 4.4 Opensuse 11.2. Should also work with GNOME http://www.heise.de/newsticker/meldung/Gnome-Bildschirmsperre-in-OpenSuse-Li... -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=579280
http://bugzilla.novell.com/show_bug.cgi?id=579280#c
Stefan Endres
http://bugzilla.novell.com/show_bug.cgi?id=579280
http://bugzilla.novell.com/show_bug.cgi?id=579280#c1
Karsten König
http://bugzilla.novell.com/show_bug.cgi?id=579280
http://bugzilla.novell.com/show_bug.cgi?id=579280#c2
--- Comment #2 from Stefan Endres
Are you sure you are using the kde screensaver? because I can't unlock it that way and the heise report is gnome specific, whereas opensuse wasn't the only ones affected: https://bugzilla.redhat.com/show_bug.cgi?id=562217
Well, I'm using KDE, I lock my screen and I can unlock it as described. My screensaver is set to "blank screen", so it should be a KDE one and I never used GNOME. So why should it be a gnome one? -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=579280
http://bugzilla.novell.com/show_bug.cgi?id=579280#c3
--- Comment #3 from Stefan Endres
http://bugzilla.novell.com/show_bug.cgi?id=579280
http://bugzilla.novell.com/show_bug.cgi?id=579280#c4
--- Comment #4 from Karsten König
http://bugzilla.novell.com/show_bug.cgi?id=579280
http://bugzilla.novell.com/show_bug.cgi?id=579280#c5
--- Comment #5 from Stefan Endres
http://bugzilla.novell.com/show_bug.cgi?id=579280
http://bugzilla.novell.com/show_bug.cgi?id=579280#c6
Marcus Meissner
http://bugzilla.novell.com/show_bug.cgi?id=579280
http://bugzilla.novell.com/show_bug.cgi?id=579280#c7
--- Comment #7 from Stefan Endres
http://bugzilla.novell.com/show_bug.cgi?id=579280
http://bugzilla.novell.com/show_bug.cgi?id=579280#c8
--- Comment #8 from Thomas Biege
http://bugzilla.novell.com/show_bug.cgi?id=579280
http://bugzilla.novell.com/show_bug.cgi?id=579280#c
Thomas Biege
http://bugzilla.novell.com/show_bug.cgi?id=579280
http://bugzilla.novell.com/show_bug.cgi?id=579280#c
Marcus Meissner
http://bugzilla.novell.com/show_bug.cgi?id=579280
http://bugzilla.novell.com/show_bug.cgi?id=579280#c9
Marcus Meissner
http://bugzilla.novell.com/show_bug.cgi?id=579280
http://bugzilla.novell.com/show_bug.cgi?id=579280#c10
Karsten König
http://bugzilla.novell.com/show_bug.cgi?id=579280
http://bugzilla.novell.com/show_bug.cgi?id=579280#c11
--- Comment #11 from Stefan Seyfried
http://bugzilla.novell.com/show_bug.cgi?id=579280
http://bugzilla.novell.com/show_bug.cgi?id=579280#c12
--- Comment #12 from Marcus Meissner
http://bugzilla.novell.com/show_bug.cgi?id=579280
http://bugzilla.novell.com/show_bug.cgi?id=579280#c13
--- Comment #13 from Marcus Meissner
http://bugzilla.novell.com/show_bug.cgi?id=579280
http://bugzilla.novell.com/show_bug.cgi?id=579280#c14
--- Comment #14 from Marcus Meissner
http://bugzilla.novell.com/show_bug.cgi?id=579280
http://bugzilla.novell.com/show_bug.cgi?id=579280#c15
--- Comment #15 from Stefan Seyfried
http://bugzilla.novell.com/show_bug.cgi?id=579280
http://bugzilla.novell.com/show_bug.cgi?id=579280#c16
--- Comment #16 from Stefan Endres
http://bugzilla.novell.com/show_bug.cgi?id=579280
http://bugzilla.novell.com/show_bug.cgi?id=579280#c17
--- Comment #17 from Marcus Meissner
http://bugzilla.novell.com/show_bug.cgi?id=579280
http://bugzilla.novell.com/show_bug.cgi?id=579280#c18
Marcus Meissner
Sorry it's not in the same thread, as I wasn't subscribed to this list at the time.
I can verify that only KDE SC 4.4.0 is affected. Released versions of 4.3 are *not* affected by this bug.
I have committed a patch to the KDE SVN server as revision 1089213. See https://bugs.kde.org/show_bug.cgi?id=217882#c16
Although this solved the problem for me locally, I'm in the process of having other testers verify that they can no longer reproduce the problem with this patch, and will report back once this is verified.
Gentoo and Fedora distribution maintainers have also tested this patch and verified that it works. The patch against 4.4.0 can easily be obtained from here: http://websvn.kde.org/?view=revision&revision=1089241 As this is now backported to the 4.4 branch, it is expected that 4.4.0 will be the only release affected by this vulnerability. Thanks, Jeff -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=579280
http://bugzilla.novell.com/show_bug.cgi?id=579280#c19
--- Comment #19 from Marcus Meissner
http://bugzilla.novell.com/show_bug.cgi?id=579280
http://bugzilla.novell.com/show_bug.cgi?id=579280#c20
Lubos Lunak
http://bugzilla.novell.com/show_bug.cgi?id=579280
http://bugzilla.novell.com/show_bug.cgi?id=579280#c21
--- Comment #21 from Thomas Biege
for the folks where it crash: rpm -q kdebase4-workspace (if not 4.4.0, post here ;)
kdebase4-workspace-4.3.85-381.19.i586 -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=579280
http://bugzilla.novell.com/show_bug.cgi?id=579280#c22
Thomas Biege
http://bugzilla.novell.com/show_bug.cgi?id=579280
http://bugzilla.novell.com/show_bug.cgi?id=579280#c23
--- Comment #23 from Thomas Biege
http://bugzilla.novell.com/show_bug.cgi?id=579280
http://bugzilla.novell.com/show_bug.cgi?id=579280#c24
--- Comment #24 from Stefan Seyfried
http://bugzilla.novell.com/show_bug.cgi?id=579280
http://bugzilla.novell.com/show_bug.cgi?id=579280#c25
Thomas Biege
http://bugzilla.novell.com/show_bug.cgi?id=579280
http://bugzilla.novell.com/show_bug.cgi?id=579280#c26
--- Comment #26 from Ludwig Nussel
participants (1)
-
bugzilla_noreply@novell.com